Re: [PATCH v4 4/4] rpmsg: char: Introduce the "rpmsg-raw" channel
From: Arnaud POULIQUEN
Date: Mon Oct 11 2021 - 11:37:59 EST
On 10/9/21 2:06 AM, Bjorn Andersson wrote:
> On Mon 12 Jul 06:19 PDT 2021, Arnaud Pouliquen wrote:
>
>> Allows to probe the endpoint device on a remote name service announcement,
>> by registering a rpmsg_driverfor the "rpmsg-raw" channel.
>>
>> With this patch the /dev/rpmsgX interface can be instantiated by the remote
>> firmware.
>>
>> Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@xxxxxxxxxxx>
>> Reviewed-by: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>
>> Tested-by: Julien Massot <julien.massot@xxxxxxx>
>> ---
>> drivers/rpmsg/rpmsg_char.c | 75 +++++++++++++++++++++++++++++++++++++-
>> 1 file changed, 73 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/rpmsg/rpmsg_char.c b/drivers/rpmsg/rpmsg_char.c
>> index bd728d90ba4c..1b7b610e113d 100644
>> --- a/drivers/rpmsg/rpmsg_char.c
>> +++ b/drivers/rpmsg/rpmsg_char.c
>> @@ -25,6 +25,8 @@
>>
>> #include "rpmsg_char.h"
>>
>> +#define RPMSG_CHAR_DEVNAME "rpmsg-raw"
>> +
>> static dev_t rpmsg_major;
>> static struct class *rpmsg_class;
>>
>> @@ -421,6 +423,61 @@ int rpmsg_chrdev_eptdev_create(struct rpmsg_device *rpdev, struct device *parent
>> }
>> EXPORT_SYMBOL(rpmsg_chrdev_eptdev_create);
>>
>> +static int rpmsg_chrdev_probe(struct rpmsg_device *rpdev)
>> +{
>> + struct rpmsg_channel_info chinfo;
>> + struct rpmsg_eptdev *eptdev;
>> + struct rpmsg_endpoint *ept;
>> +
>> + memcpy(chinfo.name, RPMSG_CHAR_DEVNAME, sizeof(RPMSG_CHAR_DEVNAME));
>
> The length should relate to the size of the destination buffer.
> This looks like an excellent job for strscpy_pad()
Thanks for pointing it, i will have alook
>
>> + chinfo.src = rpdev->src;
>> + chinfo.dst = rpdev->dst;
>> +
>> + eptdev = __rpmsg_chrdev_eptdev_create(rpdev, &rpdev->dev, chinfo);
>
> Note that this creates a new endpoint device as a child of the rpdev,
> while new endpoints created by RPMSG_CREATE_EPT_IOCTL are parented by
> the rpmsg_ctrl device.
Right this is probed by the rpmsg bus.
>
> So it is possible to create two /dev/rpmsgN nodes for the same endpoint,
> I believe with the outcome that this one will be open but
> __rpmsg_create_ept() in virtio_rpmsg_bus should return NULL if the user
> tries to open the other one.
I do not observe this behavior on virtio backend. In my test I create 2
instances based on the ns announcement, /dev/rpmsg0 & /dev/rpmsg1 is created
Then I create a new instance using RPMSG_CREATE_EPT_IOCTL that create the
/dev/rpmsg2
The use of ida_simple_get in __rpmsg_chrdev_eptdev_create should prevent such
use case
Do you observe such behavior on your side, or only a concern?
>
>> + if (IS_ERR(eptdev))
>> + return PTR_ERR(eptdev);
>> +
>> + /*
>> + * Create the default endpoint associated to the rpmsg device and provide rpmsg_eptdev
>> + * structure as callback private data.
>> + */
>> + ept = rpmsg_create_default_ept(rpdev, rpmsg_ept_cb, eptdev, eptdev->chinfo);
>
> Why don't you just set rpdev->priv to eptdev and make rpmsg_ept_cb the
> callback of your rpmsg_driver?
you mean ept->priv i suppose.
Because the priv parameter is managed by the rpmsg backend, so I have to assume
that it is used for some other purposes in the backend.
>
>> + if (!ept) {
>> + dev_err(&rpdev->dev, "failed to create %s\n", eptdev->chinfo.name);
>> + put_device(&eptdev->dev);
>> + return -EINVAL;
>> + }
>> +
>> + /*
>> + * Do not allow the creation and release of an endpoint on /dev/rpmsgX open and close,
>> + * reuse the default endpoint instead
>> + */
>
> What happens when __rpmsg_chrdev_eptdev_create() delivers a uevent and
> user space quickly calls open() on the newly created /dev/rpmsgN, before
> the next line?
Right, here I can see 2 solutions:
- the use of a mutex to block the open
- move the rpmsg_create_default_ept in the open but in this case i need to keep
the eptdev->static_ept bool
A preference or an alternative?
>
>> + eptdev->static_ept = true;
>> +
>> + return 0;
>> +}
>> +
>> +static void rpmsg_chrdev_remove(struct rpmsg_device *rpdev)
>> +{
>> + int ret;
>> +
>> + ret = device_for_each_child(&rpdev->dev, NULL, rpmsg_chrdev_eptdev_destroy);
>> + if (ret)
>> + dev_warn(&rpdev->dev, "failed to destroy endpoints: %d\n", ret);
>> +}
>> +
>> +static struct rpmsg_device_id rpmsg_chrdev_id_table[] = {
>> + { .name = RPMSG_CHAR_DEVNAME },
>
> I would expect that this list would grow, but you hard coded
> RPMSG_CHAR_DEVNAME in probe, so that won't work.
The point here is more the use of RPMSG_CHAR_DEVNAME in
memcpy(chinfo.name, RPMSG_CHAR_DEVNAME, sizeof(RPMSG_CHAR_DEVNAME));
right?
I can change this by rpdev->id->name and suppress RPMSG_CHAR_DEVNAME
Regards,
Arnaud
>
> Regards,
> Bjorn
>
>> + { },
>> +};
>> +
>> +static struct rpmsg_driver rpmsg_chrdev_driver = {
>> + .probe = rpmsg_chrdev_probe,
>> + .remove = rpmsg_chrdev_remove,
>> + .id_table = rpmsg_chrdev_id_table,
>> + .drv.name = "rpmsg_chrdev",
>> +};
>> +
>> static int rpmsg_chrdev_init(void)
>> {
>> int ret;
>> @@ -434,16 +491,30 @@ static int rpmsg_chrdev_init(void)
>> rpmsg_class = class_create(THIS_MODULE, "rpmsg");
>> if (IS_ERR(rpmsg_class)) {
>> pr_err("failed to create rpmsg class\n");
>> - unregister_chrdev_region(rpmsg_major, RPMSG_DEV_MAX);
>> - return PTR_ERR(rpmsg_class);
>> + ret = PTR_ERR(rpmsg_class);
>> + goto free_region;
>> + }
>> +
>> + ret = register_rpmsg_driver(&rpmsg_chrdev_driver);
>> + if (ret < 0) {
>> + pr_err("rpmsg: failed to register rpmsg raw driver\n");
>> + goto free_class;
>> }
>>
>> return 0;
>> +
>> +free_class:
>> + class_destroy(rpmsg_class);
>> +free_region:
>> + unregister_chrdev_region(rpmsg_major, RPMSG_DEV_MAX);
>> +
>> + return ret;
>> }
>> postcore_initcall(rpmsg_chrdev_init);
>>
>> static void rpmsg_chrdev_exit(void)
>> {
>> + unregister_rpmsg_driver(&rpmsg_chrdev_driver);
>> class_destroy(rpmsg_class);
>> unregister_chrdev_region(rpmsg_major, RPMSG_DEV_MAX);
>> }
>> --
>> 2.17.1
>>